Gregor77 posted September 3, 2014
Hello. I have a problem with my laptop. It was bugged, and in general I think a break-in took place through the modem. My modem is a Huawei E173. I had Aero and some people blocked my access to it, i.e. I could not connect. Later I bought a Play starter card and could use the internet again. The system has been reinstalled twice. After the first reinstall the Aero internet ran terribly slowly, as if someone had connected to it, only I don't know how. I turned off Bluetooth and Wi-Fi. I scanned with ComboFix and it got better. Later the system was reinstalled once more. Scans with ESET and Kaspersky produced results. The latest ComboFix scan:

I don't know much about this. I installed Comodo Firewall and now I have Wi-Fi internet. Basically, I would like to be sure that I have no eavesdropping tools or programs that monitor what I do. Please help.
pawel315 commented September 3, 2014
To start with, post the FRST logs, not the ComboFix ones.
Gregor77 (Author) commented September 5, 2014
So I have just run an FRST scan: